summaryrefslogtreecommitdiffstats
path: root/usr.sbin/ctld
diff options
context:
space:
mode:
authortrasz <trasz@FreeBSD.org>2014-02-11 11:31:08 +0000
committertrasz <trasz@FreeBSD.org>2014-02-11 11:31:08 +0000
commit7f7fd0dbc0e0dff0202586fa4aa864c47f28bfd2 (patch)
tree2669eefa08b23b6af7c0b5880733505e6d96f351 /usr.sbin/ctld
parent87a841d29adb494353457f21fbb7306271ec9d47 (diff)
downloadFreeBSD-src-7f7fd0dbc0e0dff0202586fa4aa864c47f28bfd2.zip
FreeBSD-src-7f7fd0dbc0e0dff0202586fa4aa864c47f28bfd2.tar.gz
Use "default" as default discovery-auth-group, instead of "no-access".
It doesn't change visible behaviour, as previously auth-group "default" wasn't redefinable, so by default access was always denied. Sponsored by: The FreeBSD Foundation
Diffstat (limited to 'usr.sbin/ctld')
-rw-r--r--usr.sbin/ctld/ctl.conf.58
-rw-r--r--usr.sbin/ctld/ctld.c3
2 files changed, 7 insertions, 4 deletions
diff --git a/usr.sbin/ctld/ctl.conf.5 b/usr.sbin/ctld/ctl.conf.5
index e01f37d..d44caa8 100644
--- a/usr.sbin/ctld/ctl.conf.5
+++ b/usr.sbin/ctld/ctl.conf.5
@@ -131,9 +131,11 @@ The following statements are available at the portal-group level:
.It Ic discovery-auth-group Aq Ar name
Assigns previously defined authentication group to that portal group,
to be used for target discovery.
-By default, the discovery will be denied.
-A special auth-group, "no-authentication", may be used to allow for discovery
-without authentication.
+By default, portal groups that do not specify their own auth settings,
+using clauses such as "chap" or "initiator-name", are assigned
+predefined auth-group "default", which denies discovery.
+Another predefined auth-group, "no-authentication", may be used
+to permit discovery without authentication.
.It Ic listen Aq Ar address
Specifies IPv4 or IPv6 address and port to listen on for incoming connections.
.It Ic listen-iser Aq Ar address
diff --git a/usr.sbin/ctld/ctld.c b/usr.sbin/ctld/ctld.c
index 0f20ef3..a457482 100644
--- a/usr.sbin/ctld/ctld.c
+++ b/usr.sbin/ctld/ctld.c
@@ -1132,7 +1132,7 @@ conf_verify(struct conf *conf)
assert(pg->pg_name != NULL);
if (pg->pg_discovery_auth_group == NULL) {
pg->pg_discovery_auth_group =
- auth_group_find(conf, "no-access");
+ auth_group_find(conf, "default");
assert(pg->pg_discovery_auth_group != NULL);
}
@@ -1159,6 +1159,7 @@ conf_verify(struct conf *conf)
break;
}
if (targ == NULL && ag->ag_name != NULL &&
+ strcmp(ag->ag_name, "default") != 0 &&
strcmp(ag->ag_name, "no-authentication") != 0 &&
strcmp(ag->ag_name, "no-access") != 0) {
log_warnx("auth-group \"%s\" not assigned "
OpenPOWER on IntegriCloud